Internet Explorer ignores Content-Disposition over HTTPS

Question

I'm attaching a file to an http response using this header:

Content-Disposition: attachment; filename="example.doc"

It works perfectly unless I try to download the file over HTTPS using Internet Explorer. IE ignores the Content-Disposition header and just tries to download the server-side script file (classic ASP) and fails.

I've tried all kinds of variations of headers (mostly cache-related) with no success at all.

How can I get IE to recognize the attached file?

Edit: The download request is sent by setting the src attribute of an iframe. Downloads work perfectly when not using an iframe.

Edit 2: When the download confirmation dialog appears I can click Open to open the file in IE, but saving the file doesn't work. The error:

Unable to download download.asp from server.com.

Unable to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.

Answer 1

Maybe try this workaround?

<iframe src="page.html?var=xxx" id="theframe"></iframe>

<script>
var _theframe = document.getElementById("theframe");
_theframe.contentWindow.location.href = _theframe.src;
</script>

Answer 2

Are you setting the ContentType? Try setting the Cache-Control also.

Response.ContentType = "application/vnd.ms-word"
Response.AddHeader "Cache-Control", "max-age=0" 

Answer 3

When Internet Explorer communicates with a secure Web site through SSL, Internet Explorer enforces any no-cache request. If the header or headers are present, Internet Explorer does not cache the file. Consequently, Office cannot open the file.

Web sites that want to allow this type of operation should remove the no-cache header or headers.